api 规则定义_API有规则，而且功能强大

api 规则定义

Disclaimer: I am an independent researcher @Taraaz with no affiliation with any of the companies mentioned below.

免责声明：我是 @Taraaz 的独立研究 人员 ，与以下提到的任何公司均无关联。

Last month, my friend posted a story on Instagram. It was about boycotting a Unilever-made skin lightening product from India which goes by the brand name “Fair & Lovely.” The campaign’s goal? To bring attention to the larger problem of colorism in India.

上个月，我的朋友在Instagram上发布了一个故事。 这是关于抵制联合利华(Unilever)生产的印度亮肤产品，该产品的商标为“ Fair＆Lovely” 。 该运动的目标？ 引起人们对印度色彩问题的关注。

I’m not Indian. But the campaign’s message resonated with me. In Iran, where I grew up, I too encountered similar “beauty” products that claimed to be able to lighten the skin of those who used them. I took them for granted when I was a kid. But these days, in the wake of the Black Lives Matter movement, there’s been a moment of awakening for many from different countries who think about racism and colorism at home.

我不是印度人。 但是竞选活动的信息引起了我的共鸣。 在我长大的伊朗，我也遇到过类似的“美容”产品，这些产品声称能够减轻使用它们的人的皮肤。 我小时候把它们视为理所当然。 但是这些天来，随着“黑人生活问题”运动的到来，来自不同国家的许多人在家里都考虑到种族主义和色彩主义，这是一个觉醒的时刻。

While reading through tweets from the campaign, I began to think about the emotion behind these tweets. I wondered how Unilever would perceive and react to these tweets? Of course, their social media team wouldn’t be able to read every single tweet. But perhaps they use social media analysis tools –powered by emotion recognition technologies – to get a sense of people’s demand.

在阅读竞选活动中的推文时，我开始考虑这些推文背后的情感。 我想知道联合利华会如何看待并回应这些推文？ 当然，他们的社交媒体团队无法阅读每条推文。 但是也许他们使用由情感识别技术支持的社交媒体分析工具来了解人们的需求。

I’m a researcher in technology and human rights. My job is to understand how technical designs impact human rights. I know that one of the promises of text-based emotion analysis tools is to help companies to understand customer satisfaction based on social media engagement.

我是技术与人权研究人员。 我的工作是了解技术设计如何影响人权。 我知道，基于文本的情感分析工具的一项承诺是帮助公司基于社交媒体参与来了解客户满意度。

That’s why I decided to use the example of “Fair & Lovely” to scrutinize off-the-shelf machine learning-based emotion analysis APIs. How do these practices — which are now the norm among major brands — perform in a specific case such as this? In particular, I wondered whether the positive sentiment of the phrase “Fair & Lovely” might trick the emotion analysis tool and lead to the misclassification of a sentence’s sentiment, even if the overall sentiment of the sentence may not be positive.

这就是为什么我决定使用“公平可爱”的示例来仔细研究基于现成机器学习的情绪分析API。 这些做法(现在是主要品牌中的普遍做法)在这样的特定情况下如何表现？ 我特别想知道，“ Fair＆Lovely”一词的积极情绪是否会欺骗情绪分析工具，并导致句子情绪的错误分类 ，即使句子的整体情绪可能不是积极的。

This question led me to write this blog post, especially for developers who use machine learning technologies as a service (MLaaS) and also for my fellow human rights practitioners who are interested in examining human rights implications of tech companies’ third-party relationships.

这个问题使我撰写了这篇博客文章，特别是对于使用机器学习技术即服务(MLaaS)的开发人员，以及对研究技术公司的第三方关系对人权的影响感兴趣的我的其他人权从业人员。

• I’ll tell you why APIs terms are so important to understand, and what have been some misuses of APIs in the past few years.
  我将告诉您为什么理解API术语如此重要，以及过去几年对API的一些误用。

• I’ll choose IBM Tone Analyzer API and ParallelDots Text Analysis Emotion API to test their result on tweets about Unilever’s “Fair & Lovely” product. I’ll walk you through those APIs’ developers’ policies, terms of service, APIs documents, and show you what could be some criteria to consider before choosing that API.

  我将选择IBM Tone Analyzer API和ParallelDots Text Analysis Emotion API来测试有关联合利华“ Fair＆Lovely”产品的推文上的结果。 我将向您介绍这些API的开发人员政策，服务条款，API文档，并向您展示在选择该API之前可能要考虑的一些标准。

• I’ll provide a set of recommendations for developers who want to use general-purpose APIs for a specific domain in a responsible manner. I’ll also provide recommendations for auditors and human rights practitioners who study companies’ third-party relationships.
  我将为想要以负责任的方式针对特定域使用通用API的开发人员提供一系列建议。 我还将为研究公司的第三方关系的审计师和人权从业人员提供建议。

So, let’s say you are a developer or a social media analyst, and you are approached by Unilever to analyze the emotion behind customers’ social media engagement. What do you do?

因此，假设您是开发人员或社交媒体分析师，联合利华(Unilever)会联系您分析客户参与社交媒体背后的情感。 你是做什么？

As a hypothetical, we will assume that you don’t have the necessary skills, data, and computation power to build a whole custom machine learning model, nor do you want to use any pre-trained model. Instead, you choose the easiest route: an off-the-shelf general-purpose emotion-analysis API.

作为假设，我们将假设您没有构建完整的自定义机器学习模型所需的技能，数据和计算能力，也不希望使用任何经过预先训练的模型。 相反，您选择了最简单的方法：现成的通用情感分析API。

If that’s the case, what would be your criteria to choose and use these APIs in a responsible manner?

如果是这样，您以负责任的方式选择和使用这些API的标准是什么？

API有规则，而且功能强大 (APIs have rules — and power 🔍)

First, the basics. An Application Programming Interface (API) is what helps different software applications interact with each other. It allows one application to make a request (either data or service) and the other application respond to it. For example, if you are a social media company and want researchers to use your data to conduct research, you give them access to those data via an API. If you want IoT devices at home to interact with each other (for example your smart lamp reacts to events on your Google calendar) then you connect those services through APIs.

首先，基础知识。 应用程序编程接口(API)可以帮助不同的软件应用程序相互交互。 它允许一个应用程序发出请求(数据或服务)，而另一个应用程序对此作出响应。 例如，如果您是一家社交媒体公司，并且希望研究人员使用您的数据进行研究，则可以通过API授予他们访问这些数据的权限。 如果您希望家里的IoT设备相互交互(例如，智能灯对Google日历中的事件做出React)，则可以通过API连接这些服务。

But as with any kind of interaction, there need to be rules between those services before starting working with each other. These rules are set by APIs policies, developers’ policies, and Terms of Service.

但是，与任何类型的交互一样，在开始彼此合作之前，这些服务之间需要有规则。 这些规则由API政策，开发者政策和服务条款设置。

So far, so good. But when you give it more thought, you realize that those services make agreements between each other to provide services for you, as a user, or to handle your data, without you fully understand how they reach agreements.

到目前为止，一切都很好。 但是，当您多加考虑时，您会意识到这些服务之间会相互达成协议以为您 (作为用户)提供服务或处理您的数据，而无需您完全了解它们如何达成协议。

It’s kind of bizarre, right?

有点奇怪，对吧？

Here are a couple of reminders of why this sort of thing is important.

这里有一些提醒，说明这种事情为什么很重要。

1) You remember Cambridge Analytica and Facebook, right? (As a refresher, 87 million users’ information was “improperly” shared with Cambridge Analytica to analyze and manipulate Facebook users’ political behavior). Long story short, the underlying reason for such privacy-invasive data sharing practice was because of the abuse of Facebook’s APIs. As a result, Facebook restricted developers’ data access by making changes in their APIs policies.

1)您还记得Cambridge Analytica和Facebook， 对吗？ (作为复习，与剑桥分析公司“不当”共享了8700万用户的信息，以分析和操纵Facebook用户的政治行为)。 长话短说，这种侵犯隐私的数据共享做法的根本原因是因为滥用了Facebook的API。 结果，Facebook通过更改其API策略来限制开发人员的数据访问。

2) There are also concerns when ML APIs are used as analytical services. In this case, developers are the ones who have the data and go to big tech companies’ ML APIs to process that data (MLaaS). Joy Buolamwini and Timnit Gebru’s Gender Shades study revealed significant racial and gender discrimination of several Facial Recognition APIs. In fact, as a result, big tech companies limited providing their APIs to law enforcement agencies in the US (who knows about their business relationship with other countries though…? 🤷🏻‍♀️)

2)当将ML API用作分析服务时，也存在一些问题。 在这种情况下，开发人员就是拥有数据并前往大型科技公司的ML API来处理该数据(MLaaS)的人。 Joy Buolamwini和Timnit Gebru的“ 性别阴影”研究显示了几种面部识别API的明显种族和性别歧视。 实际上，结果是，大型科技公司将其API提供给美国的执法机构(尽管他们知道他们与其他国家的业务关系…？…‍🤷🏻️)

But what about developers’ responsibilities who want to use tech companies’ general-purpose services? Is there any guidance to help them choose and use those ML APIs responsibly in their specific domains?

但是，想要使用科技公司的通用服务的开发人员的责任又如何呢？ 是否有任何指南可帮助他们在其特定领域中负责任地选择和使用那些ML API？

情绪分析API：IBM Tone Analyzer或ParalletDots文本分析？ (An emotion analysis API: IBM Tone Analyzer or ParalletDots Text Analysis?)

As a developer, if you don’t want to build an ML system from scratch nor do you want to use a pre-trained model, the other option is to use cloud-based ML APIs. Everything is ready to go: you set up a developer account and receive API credentials, you provide input data, the service provider works its “magic,” and you receive the results as output. Easy! You don’t even need any knowledge about data science and machine learning to be able to integrate that API with your product. Or at least, this is how companies market their services.

作为开发人员，如果您不想从头开始构建ML系统，也不想使用预先训练的模型，那么另一种选择是使用基于云的ML API。 一切准备就绪：您设置了开发人员帐户并获得了API凭证，提供了输入数据，服务提供者发挥了“魔力”，然后将结果作为输出接收。 简单！ 您甚至不需要任何有关数据科学和机器学习的知识，就能将该API与您的产品集成。 至少，这就是公司营销其服务的方式。

As a developer, you have an obvious set of criteria to choose a service, right: criteria such as accuracy, cost, and speed. But what if you wanted to pick your ML API service based on other criteria, such as privacy, security, fairness, and transparency? What process do you go through? What do you check?

作为开发人员，您有一套显而易见的选择服务标准，正确的是：诸如准确性，成本和速度之类的标准。 但是，如果您想根据其他标准(例如隐私，安全性，公平性和透明度)来选择ML API服务，该怎么办？ 您要经历什么过程？ 你查什么？

Let’s go back to the “Fair & Lovely” tweets. Putting myself of our hypothetical developer, I collected several hundred tweets about “fair & lovely” in the English language using Twint. Next, I looked at RapidAPI, a platform that helps developers to manage and compare different APIs, and picked IBM Watson Tone Analyzer and ParrallelDots as the best options. Both services promise to infer emotions including fear, anger, joy, happiness, etc. from tweets.

让我们回到“公平可爱”的推文上 。 让我成为假设的开发人员，我使用Twint收集了数百条有关英语中“公平和可爱”的推文。 接下来，我查看了RapidAPI (一个可帮助开发人员管理和比较不同API的平台)，并选择了IBM Watson Tone Analyzer和ParrallelDots作为最佳选择。 两种服务都承诺从推文中推断出包括恐惧，愤怒，喜悦，幸福等情绪。

Then I registered with both services and received API credentials for free developer accounts. IBM’s free “Lite” account provides 2500 API calls per month; ParallelDots is free for 1000 API hits/day.

然后，我同时注册了这两项服务，并获得了免费的开发人员帐户的API凭据。 IBM的免费“ Lite”帐户每月提供2500次API调用。 ParallelDots免费提供每天1000次API点击。

Finally, I ran the experiments below. These are a result of providing my corpus of “fair & lovely” tweets as input and then gathering the APIs’ output. You can see more examples in this spreadsheet.

最后，我进行了以下实验。 这些是提供我的“公平和可爱”推文集作为输入，然后收集API的输出的结果。 您可以在此电子表格中看到更多示例。

Please note the drastically different results of the two services.

请注意，两种服务的结果截然不同。

I also changed the word “fair & lovely” to more neutral phrases such as “your product” and “this product.” The output result changed. However, from a human analytical standpoint the message — and its sentiment — are the same.

我还将“公平而可爱”一词改为了更中性的词组，例如“您的产品”和“此产品”。 输出结果已更改。 但是，从人类分析的角度来看，信息及其情感是相同的。

At this point, I wouldn’t use either of these tools for this specific case! You tell me if the sentence “Unilever- cancel fair & lovely -sign the petition!” is joyous! 🤦🏻‍♀️

在这一点上，在这种情况下，我不会使用任何一种工具！ 你告诉我，如果句子“ Unilever-取消公平和可爱-签署请愿书！” 很高兴！ ♀‍♀️

However, let’s say our hypothetical developer still thinks that there are benefits for using these tools.

但是，假设我们的假设开发人员仍然认为使用这些工具会有好处。

In that case, we’d need to take into account the following criteria. I have to say this list is very preliminary and by no means comprehensive. But at least it gives you a sense of what to look for if you, as a developer, decide to use these tools.

在这种情况下，我们需要考虑以下条件。 我必须说这个清单是非常初步的，绝不是全面的。 但是至少，如果您作为开发人员决定使用这些工具，它至少可以使您了解要寻找的内容。

注册：隐私政策和服务条款 (Registration: privacy policies and terms of service)

When you want to sign up for a developer account, always read the complete Terms of Service (ToS) and privacy policy. Crucially, this is different from a company website’s terms and policies.

当您想要注册开发者帐户时，请务必阅读完整的服务条款(ToS)和隐私权政策。 至关重要的是，这与公司网站的条款和政策不同。

In particular, be vigilant for information about how the data you provide as input is going to be handled. There is a service called Polisis that helps you to compare policies from different service providers (it’s not perfect, but it is still helpful).

尤其要警惕有关如何处理您作为输入提供的数据的信息。 有一项名为Polisis的服务可以帮助您比较不同服务提供商的策略(虽然不完美，但仍然很有用)。

Read the developer’s privacy policy and product-specific policy to understand what data from you (as an account holder) the company collects, how they protect them? Do they encrypt the data at rest and in transit? Is the data they collect personally identifiable? Do they define what they mean by metadata? Do they collect the data you provide as an input to the service? Do they retain it? For how long? Do they keep the log files?

阅读开发者的隐私权政策和特定于产品的政策，以了解公司从您(作为帐户持有人)那里收集了哪些数据，它们如何保护它们？ 他们是否对静态和传输中的数据进行加密？ 他们收集的数据可以个人识别吗？ 它们是否定义了元数据的含义？ 他们是否收集您提供的数据作为服务的输入？ 他们保留吗？ 多长时间？ 他们是否保留日志文件？

Here’s a comparison between the policies of the two services. (For the rest of this post, my comparisons between the details of IBM Tone Analyzer and ParallelDots will appear in gray text boxes like the one below, featuring summaries of what I found in their posted policies and documentation).

这是两种服务的策略之间的比较。 (对于本文的其余部分，我在IBM Tone Analyzer和ParallelDots的详细信息之间进行的比较将显示在下面的灰色文本框中，其中包含我在其发布的策略和文档中所得到的摘要)。

IBM Tone Analyzer: When you want to create a developer account, IBM points you to their general privacy policy that lists everything from website visit to using cloud services. There are some vague statement such as:• "IBM may also share your personal information with selected partners to help us provide you ..." Who are their partners though?!• Or "We will not retain personal information longer than necessary to fulfill the purposes for which it is processed." What is "longer than necessary?"If you want specific information about data collection and retention via Tone Analyzer API go to the product document page. Some relevant information includes:• "Request logging is disabled for the Tone Analyzer service.the service does not log or retain data from requests and responses."• The service "processes but does not store users' data. Users of the Tone Analyzer service do not need to take any action to identify, protect, or delete their data for this service."ParallelDots: The website says that ParallelDots “protects your data and follow the GDPR compliance guidelines to the last word.” But it doesn’t go further? Which data? Metadata or developers’ information or users’ data? • ParallelDots' ToS says "you may not access the services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes" This is bizarre to me, does that mean I broke their Tos?!

文献资料 (Documentation)

If a company has already provided documentation such as Model Card for Model Reporting for that specific API, read it before using the service. If not, good luck on finding such important information! Look at the API’s documents and dig in for information about API security, background research. papers, training data, architecture and algorithms, evaluation metrics, and recommended use and not-to-use cases.

如果公司已经提供了该特定API的文档，例如用于模型报告的模型卡 ，请在使用该服务之前先阅读该文档。 如果没有，请找到这些重要信息，祝您好运！ 查看API的文档，并深入了解有关API安全性和背景研究的信息。 论文，培训数据，体系结构和算法，评估指标以及推荐使用和不使用的案例。

🔐 API Security. During the past few years, there have been numerous examples of data breaches via the use of insecure APIs. It’s an API provider’s responsibility to be able to detect security vulnerabilities, identify suspicious requests, provide encrypted traffic, and traffic monitoring methods. Make sure an API provider has already put these security practices in place — and read more about APIs security here.

🔐API 安全性。 在过去的几年中，通过使用不安全的API出现了许多数据泄露的例子。 API提供者的职责是能够检测安全漏洞，识别可疑请求，提供加密的流量以及流量监控方法。 确保API提供者已经实施了这些安全性实践-并在此处阅读有关API安全性的更多信息。

Here’s another comparison, this time comparing API security:

这是另一个比较，这次比较的是API安全性：

IBM Tone Analyzer: • IBM suggests developers use IBM Cloud Activity Tracker with LogDN to monitor the activity of an IBM Cloud account and investigate abnormal activity.• The service also requires a strong password and sends you a verification code to confirm your developer account.ParallelDots: There is no information about API security in the API document page. However they mentioned that they only provide encrypted access to premium content. • For registration, developers are not required to set a strong password, however, ParallelDots sends you a verification email to confirm your account.

🌏 Accurate and Precise… but for who? In the example of “Fair & Lovely,” language plays an important role. English-only tweets don’t provide an accurate understanding of discussions around the product because it’s not one restricted to a single language.

🌏 准确而精确……但是对于谁呢？ 在“公平与可爱”的示例中，语言扮演着重要角色。 仅限英文的推文无法提供对产品讨论的准确理解，因为它不仅限于一种语言。

Check the API to see if it support other languages. If so, what is the accuracy rate for different languages? Service providers often say they support multiple languages, but don’t provide broken down details about accuracy and other evaluation metrics for each language. Dig in the API document, background research pages, and try to find metrics for different sub-categories.

检查API以查看其是否支持其他语言。 如果是这样， 不同语言的准确率是多少？ 服务提供商经常说他们支持多种语言，但没有提供每种语言的准确性和其他评估指标的详细信息。 在API文档，背景研究页面中进行挖掘，并尝试查找不同子类别的指标。

In our case, here’s what I found:

在我们的案例中，这是我发现的内容：

IBM Tone Analyzer: The company listed 11 supported languages. However, there is no breakdown information about accuracy or other evaluation metrics based on different languages.ParallelDots: The company listed 14 supported languages. However, there is no information about accuracy or other evaluation metrics based on different languages.

❗️Suggested (Not) Use Cases. Companies also provide guidance about the suggested use of their services, but sometimes the use case can be dangerous or unethical. Companies need to be transparent about the cases in which developers should not use their services.

❗️ 建议(非)用例。 公司还提供有关建议使用其服务的指导，但有时用例可能是危险的或不道德的。 公司必须对开发人员不应使用其服务的情况保持透明。

IBM Tone Analyzer: Tone Analyzer use cases according to the document page include predicting customer satisfaction in support forums; predicting customer satisfaction in Twitter responses; predicting online dating matches; Predicting TED Talk applause. There is no indication about Not-to-Use Cases.ParallelDots: There are two suggested use cases: “target[ing] detractors to improve service to them” and “brand-watching.” There is no indication about Not-to-Use Cases.

⚖️ Fairness Practices. In the past couple of years, researchers and practitioners have raised awareness about discriminatory outcomes of machine learning systems. They’ve provided numerous toolkits to help companies assess the human rights implications of their tools and be transparent about potential social risks. I keep track of different initiatives, papers, toolkits here.

Fair️ 公平实践。 在过去的几年中，研究人员和从业人员提高了对机器学习系统歧视性结果的认识。 他们提供了许多工具包，以帮助公司评估其工具对人权的影响，并对潜在的社会风险保持透明。 我在这里跟踪不同的计划，论文和工具包。

But how many companies provide that information for their specific ML APIs?

但是，有多少公司为其特定的ML API提供该信息？

IBM Tone Analyzer: IBM provides information about background research, data collection process (twitter data), and data annotation method. However there is no mention of potential discrminatory outcomes and no breakdown information about demographics and measurement based on different sub-groups (language, gender, age, etc.)• Fun fact: IBM Research is one of the pioneers in providing fairness and explanability toolkits (check out IBM 360). They also proposed using FactSheets for every ML model to show the origin of training datasets, model specifications, and use cases. But when it comes to their own model, you rarely find such information on their product pages! This reminded me of the great piece of poem from Nizami, basically meaning first fix your own flaws before being too critical of others:عیب کسان منگر و احسان خویش      دیده فرو کن بگریبان خویشParallelDots: I found no information about fairness practices.

🛠 Maintenance and Updates

🛠 维护和更新

IBM Tone Analyzer: The company frequently update the service and provides information about the updates. However, in some updates there are generic sentecs including "The service was also updated for internal changes and improvements." What are those internal changes and improvements?ParallelDots: I couldn't find information about updates and maintenance. 

💬 Developers Community. Communities of developers(via Slack Workspace, Stack Overflow, GitHub, etc) help share feedback, interact with themselves and service providers, and raise issues around privacy, security, fairness, explainability about a certain product and in a specific domain.

💬开发者社区。 开发者社区(通过Slack Workspace，Stack Overflow，GitHub等)有助于共享反馈，与他们自己和服务提供商进行交互，并引发有关特定产品和特定领域的隐私，安全性，公平性，可解释性的问题。

IBM Tone Analyzer: IBM Watson provides Slack workspace (there is no dedicated channel for ethical uses, however) and a Stack Overflow developers community. The Github page for the Tone Analyzer is here. ParallelDots: The company has a GitHub page.

推荐建议 (Recommendations)

给开发者 (To developers)

• Don’t use machine learning APIs blindly, especially if they are black boxes. In addition to criteria such as cost, speed, and accuracy — as marketed by a service provider — consider criteria related to fairness, privacy, security, and transparency.

  不要盲目使用机器学习API，尤其是当它们是黑匣子时。 除服务提供商所销售的成本，速度和准确性等标准外，还要考虑与公平性，私密性，安全性和透明性相关的标准。

• If it’s not documented, reach out to service providers and ask them whether they have conducted any fairness audits. It’s their responsibility to publish this information online or walk you through it. Use your buying power, they’ll listen!

  如果没有记录，请与服务提供商联系，询问他们是否进行了任何公平性审核。 他们有责任在网上发布此信息或引导您进行逐步了解。 使用您的购买力，他们会听的！

• Think about the domain for which you will be using the tool. Who might be affected disproportionally by the outcome of integrating a given ML API with your product? Think about gender, race, religion, age, language, accent, country, socio-economic status (read this to learn more about vulnerable groups who are protected under human rights conventions). I keep track of different ML assessment tools here; you might find them helpful in your assessment process.

  考虑您将使用该工具的域。 谁可能会受到结果的不成比例的影响 将给定的ML API与您的产品集成？ 想想性别，种族，宗教，年龄，语言，口音，国家，社会经济地位(读这更多地了解谁是人权公约所保护的弱势群体)。 我在这里跟踪不同的机器学习评估工具； 您可能会发现它们对您的评估过程有帮助。

• Try to find benchmark datasets that relate to discriminatory outcomes of ML projects (Equity Evaluation Corpus is an example of a benchmark dataset used to examine biases in sentiment analysis systems). Reach out to people who are involved in creating such benchmarks and ask them for help to scrutinize the API in your specific domain. Check out FAccT conference directory for finding people who work on these issues.

  尝试查找与ML项目的歧视性结果相关的基准数据集 (股权评估语料库是用于检查情绪分析系统中偏差的基准数据集的示例)。 与参与创建此类基准测试的人员联系，并请他们寻求帮助来仔细检查您特定域中的API。 查看FAccT会议目录，查找从事这些问题的人员。

• When you suspect something is ethically wrong with an API service in your specific domain, share it with other developers by opening an issue on that service’s GitHub page, Stack Overflow, or developers’ community pages. Almost all service providers have these platforms for the developers to share their issues. Service providers might say it is impossible to test and audit their tools for every single domain because their service is a general-purpose tool. But you can inform them about ethical issues you face within a specific domain for your use cases. By providing public information you can also help other developers who might want to use that service!

  如果您怀疑特定域中的API服务在道德上有问题，请在该服务的GitHub页面，Stack Overflow或开发者社区页面上打开一个问题，与其他开发者共享它。 几乎所有服务提供商都拥有这些平台，供开发人员共享他们的问题。 服务提供商可能会说不可能针对每个域测试和审核他们的工具，因为他们的服务是通用工具。 但是您可以告知他们有关用例的特定领域内您面临的道德问题。 通过提供公共信息，您还可以帮助其他想要使用该服务的开发人员！

• If you integrate third party ML APIs in your product, mention it in your product’s privacy policy and terms of services. Don’t minimize it to a sentence saying “we use other parties’ services.” Include information about those third-party services — in this case, an ML service provider. Be transparent about how users’ data are handled because of that specific third-party relationship.

  如果您在产品中集成了第三方ML API，请在产品的隐私权政策和服务条款中提及。 不要将其最小化为“我们使用其他方的服务”。 包括有关这些第三方服务的信息，在本例中为ML服务提供商。 由于特定的第三方关系，因此对于用户数据的处理方式应保持透明。

到机器学习API服务提供商 (To Machine Learning APIs Service providers)

The focus of this post was not on service providers but on third-party developers. However, to highlight some of the service providers’ responsibilities when it comes to informing developers, I would say:

这篇文章的重点不是服务提供商，而是第三方开发人员。 但是，要强调通知服务开发人员时服务提供商的某些职责，我要说：

• Document and be transparent! Don’t bury fairness criteria in a 500-page document. Use more visible and friendly user Interfaces to guide developers to read about fairness and privacy criteria before signing up to use your service.

  文档并保持透明！ 不要将公平标准掩埋在500页的文件中。 使用更直观，更友好的用户界面来指导开发人员在注册使用您的服务之前先了解公平性和隐私权标准 。

• Add issues related to the fairness, security, and privacy of your own API services in your developers’ portals and community pages. Let developers discuss these issues within those portals (e.g. creating a dedicated Slack channel within developers’ Workspace) and encourage developers to share their experience dealing with fairness, privacy, and security while using your services (IBM 360 Slack Channel, Salesforce UI warnings are good examples). Don’t only showcase “successful” uses and positive testimonial on your marketplace page!

  在开发人员的门户和社区页面中添加与您自己的API服务的公平性，安全性和隐私性有关的问题。 让开发人员在这些门户中讨论这些问题(例如，在开发人员的工作区中创建专用的Slack通道)，并鼓励开发人员在使用服务时分享他们在处理公平性，隐私和安全性方面的经验( IBM 360 Slack Channel ， Salesforce UI警告是不错的选择)例子)。 不仅要在您的市场页面上展示“成功”的用法和正面的评价！

• Each tier of developer account (free, standard, premium) brings different levels of responsibilities for you. Develop privacy-protective practices to monitor potential misuses of your services. This paper offers some feasible solutions: Monitoring Misuse for Accountable ‘Artificial Intelligence as a Service.’

  每层开发人员帐户(免费，标准，高级)为您带来不同级别的责任。 制定保护隐私的做法，以监视对服务的潜在滥用。 本文提供了一些可行的解决方案： 监视对负责任的“人工智能即服务 ”的滥用 。

致ML审核员和人权与技术从业人员 (To ML Auditors and Human Rights & Technology Practitioners)

We hear a lot about democratizing building blocks of digital technologies; also we hear a lot about the interoperability of digital services. These are all good. But they bring new kinds of interactions, data flows, and data ownership matters.

我们听到了很多关于使数字技术的基础架构民主化的信息。 我们也听到了很多有关数字服务互操作性的信息。 这些都很好。 但是它们带来了新型的交互，数据流和数据所有权问题。

The purpose of this blog post has been to raise awareness about the importance of these often-overlooked relationships and actors. It’s for developers to think about their responsibilities before integrating these APIs into their services. But it’s also for human rights practitioners, privacy advocates, ethical tech researchers to dissect these issues and find practical guidance to help smaller actors in our data-driven world.

这篇博客的目的是提高人们对这些经常被忽视的关系和参与者的重要性的认识。 这是让开发人员在将这些API集成到其服务中之前考虑其职责的。 但是，对于人权从业者，隐私倡导者，道德技术研究人员来说，也要剖析这些问题并找到实用的指南，以帮助我们数据驱动的世界中的小规模参与者。

• Scrutinize third-party relationships when you audit a certain product/service and try to assess potential adverse human rights impacts of it. Both groups play a role when things go wrong. Going forward, let’s pay more attention to such things as supply chain issues, and carefully examine the role and responsibilities of different actors of the digital technologies ecosystem.

  当您审核某种产品/服务并尝试评估其潜在的不利人权影响时，请仔细检查第三方关系。 出现问题时，这两个小组都将发挥作用。 展望未来，让我们更加关注供应链问题，并仔细检查数字技术生态系统不同参与者的角色和责任。

I work on issues at the intersection of technology and human rights. If you are a developer and have been thinking about ways to choose and use building blocks of your product more responsibly please reach out to me. I would be happy to speak with you: rpakzad@taraazresearch.org.

我致力于技术与人权的交汇处。 如果您是开发人员，并且一直在考虑更负责任地选择和使用产品构建块的方法，请与我联系。 我很高兴与您交谈：rpakzad@taraazresearch.org。

If you are interested in tech & human rights check out Taraaz’s website and sign up for our newsletter.

如果您对技术和人权感兴趣，请访问 Taraaz的 网站并注册我们的 新闻通讯 。

翻译自: https://medium.com/taraaz/developers-choose-wisely-a-guide-for-responsible-use-of-machine-learning-apis-e006e4263cae

api 规则定义